﻿/// ****************************************************************************
/// Author:	        Robin Zhu
/// Create Date:	2015-2-15
/// Purpose: 		根据FormsAuthentication cookie和Session中保存的内容生成Principal
/// ****************************************************************************
/// Modify By		Date			Remark
/// Robin           2015-3-26       防止无App授权的用户获得用户验证
/// ****************************************************************************
/// 
using RB.Utility;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;
using System.Text;
using System.Web;
using System.Web.Security;

namespace RB.Web.Security
{
    public class SessionAuthenticationModule : IHttpModule
    {

        public void Dispose()
        {
        }

        public void Init(HttpApplication context)
        {
            context.AcquireRequestState += context_AcquireRequestState;
        }

        void context_AcquireRequestState(object sender, EventArgs e)
        {
            HttpApplication app = (HttpApplication)sender;
            HttpContext context = app.Context;

            try
            {
                if (context.Request != null)
                {
                    string ticket = null;
                    // 如果是带ticket的用户principal
                    if (context.Request.IsAuthenticated && 
                        context.User.Identity is FormsIdentity && context.User.Identity.Name.StartsWith("T:"))
                    {
                        ticket = context.User.Identity.Name.Substring(2);
                    }
                    else
                    {
                        ticket = context.Request["ticket"];
                    }
                    if (!string.IsNullOrEmpty(ticket))
                    {
                        IPrincipal principal = (IPrincipal)context.Session[ticket];
                        if (principal != null)
                        {
                            context.User = principal;
                        }
                        else
                        {
                            int userIsOnlineTimeWindow = Membership.UserIsOnlineTimeWindow;
                            if ("true".Equals(context.Request["rememberMe"], StringComparison.CurrentCultureIgnoreCase))
                            {
                                userIsOnlineTimeWindow = 0;
                            }
                            if (VarAuthentication.Authenticate(context, ticket, userIsOnlineTimeWindow))
                            {
                                context.Session[ticket] = context.User;
                            }
                            else
                            {
                                context.User = new GenericPrincipal(new GenericIdentity(""), null);

                                if (string.IsNullOrWhiteSpace(context.Request["ticket"]))
                                {
                                    context.Request.QueryString.SetReadOnlyItemValue("ticket", ticket);
                                }
                            }
                        }
                    }
                }
            }
            catch(HttpException)
            {

            }
        }

    }
}
